https://issues.shibboleth.net/jira/browse/CPPXT-82

[shibboleth/cpp-xmltooling.git] / xmltooling / soap / impl / CURLSOAPTransport.cpp

diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp
index a5fb29a..17e4d99 100644 (file)
--- a/xmltooling/soap/impl/CURLSOAPTransport.cpp
+++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp
@@ -1,17 +1,21 @@
-/*
- *  Copyright 2001-2010 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
  *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
  */
 
 /**
@@ -87,8 +91,9 @@ namespace xmltooling {
 
         virtual ~CURLSOAPTransport() {
             curl_slist_free_all(m_headers);
-            curl_easy_setopt(m_handle,CURLOPT_ERRORBUFFER,nullptr);
-            curl_easy_setopt(m_handle,CURLOPT_PRIVATE,m_authenticated ? "secure" : nullptr); // Save off security "state".
+            curl_easy_setopt(m_handle, CURLOPT_USERAGENT, nullptr);
+            curl_easy_setopt(m_handle, CURLOPT_ERRORBUFFER, nullptr);
+            curl_easy_setopt(m_handle, CURLOPT_PRIVATE, m_authenticated ? "secure" : nullptr); // Save off security "state".
             g_CURLPool->put(m_sender.c_str(), m_peerName.c_str(), m_endpoint.c_str(), m_handle);
         }
 
@@ -204,6 +209,7 @@ namespace xmltooling {
         CURL* m_handle;
         stringstream m_stream;
         struct curl_slist* m_headers;
+               string m_useragent;
         map<string,vector<string> > m_response_headers;
         vector<string> m_saved_options;
 #ifndef XMLTOOLING_NO_XMLSEC
@@ -241,13 +247,6 @@ namespace xmltooling {
     }
 };
 
-void xmltooling::registerSOAPTransports()
-{
-    XMLToolingConfig& conf=XMLToolingConfig::getConfig();
-    conf.SOAPTransportManager.registerFactory("http", CURLSOAPTransportFactory);
-    conf.SOAPTransportManager.registerFactory("https", CURLSOAPTransportFactory);
-}
-
 void xmltooling::initSOAPTransports()
 {
     g_CURLPool=new CURLPool();
@@ -259,14 +258,6 @@ void xmltooling::termSOAPTransports()
     g_CURLPool = nullptr;
 }
 
-OpenSSLSOAPTransport::OpenSSLSOAPTransport()
-{
-}
-
-OpenSSLSOAPTransport::~OpenSSLSOAPTransport()
-{
-}
-
 CURLPool::~CURLPool()
 {
     for (poolmap_t::iterator i=m_bindingMap.begin(); i!=m_bindingMap.end(); i++) {
@@ -323,11 +314,6 @@ CURL* CURLPool::get(const SOAPTransport::Address& addr)
     curl_easy_setopt(handle,CURLOPT_HEADERFUNCTION,&curl_header_hook);
     curl_easy_setopt(handle,CURLOPT_WRITEFUNCTION,&curl_write_hook);
     curl_easy_setopt(handle,CURLOPT_DEBUGFUNCTION,&curl_debug_hook);
-    string ua = XMLToolingConfig::getConfig().user_agent;
-    if (!ua.empty()) {
-        ua = ua + " libcurl/" + LIBCURL_VERSION + ' ' + OPENSSL_VERSION_TEXT;
-        curl_easy_setopt(handle, CURLOPT_USERAGENT, ua.c_str());
-    }
     return handle;
 }
 
@@ -538,6 +524,17 @@ void CURLSOAPTransport::send(istream* in)
         m_headers = curl_slist_append(m_headers, hdr.c_str());
     }
 
+    m_useragent = XMLToolingConfig::getConfig().user_agent;
+    if (!m_useragent.empty()) {
+        curl_version_info_data* curlver = curl_version_info(CURLVERSION_NOW);
+        m_useragent += " libcurl/";
+        if (curlver)
+            m_useragent = m_useragent + curlver->version + ' ' + curlver->ssl_version;
+        else
+            m_useragent = m_useragent + LIBCURL_VERSION + ' ' + OPENSSL_VERSION_TEXT;
+        curl_easy_setopt(m_handle, CURLOPT_USERAGENT, m_useragent.c_str());
+    }
+
     // Set request headers.
     curl_easy_setopt(m_handle,CURLOPT_HTTPHEADER,m_headers);
 
@@ -667,7 +664,21 @@ int xmltooling::verify_callback(X509_STORE_CTX* x509_ctx, void* arg)
 
     if (!success) {
         log.error("supplied TrustEngine failed to validate SSL/TLS server certificate");
-        x509_ctx->error=X509_V_ERR_APPLICATION_VERIFICATION;     // generic error, check log for plugin specifics
+        if (x509_ctx->cert) {
+            BIO* b = BIO_new(BIO_s_mem());
+            X509_print(b, x509_ctx->cert);
+            BUF_MEM* bptr = nullptr;
+            BIO_get_mem_ptr(b, &bptr);
+            if (bptr && bptr->length > 0) {
+                string s(bptr->data, bptr->length);
+                if (ctx->m_mandatory)
+                    log.error(s);
+                else
+                    log.debug(s);
+            }
+            BIO_free(b);
+        }
+        x509_ctx->error = X509_V_ERR_APPLICATION_VERIFICATION;     // generic error, check log for plugin specifics
         ctx->setAuthenticated(false);
         return ctx->m_mandatory ? 0 : 1;
     }